S/key One-Time Passwords

Introduction

Panix supports s/key for one-time passwords (also known as challenge/
response authentication). One-time password (OTP) systems are based on a
secret passphrase that the user is careful never to send over a
computer network or to type in on an untrusted machine. Instead,
when the user wants to log in, the remote computer sends a "challenge"
consisting of a seed and a sequence number (see below), and the user
runs a "calculator" on a trusted machine that, using the seed and
sequence number from the challenge, together with the user's secret
passphrase, produces a single-use password that can be safely sent
over an untrusted network or typed in on an untrusted machine.
The one-time password is only valid for the next login on that host
- after that, it is useless.

The one-time password system has several parts -

• prompt - this is made up of two parts:

seed - this is an arbitrary string that will be used
as part of the challenge every time you log in. It is set up when you
first install OTP on your account.

sequence number - a number that starts high, usually around 9999,
and gets decremented every time you log in. This is also used as part
of the challenge.

• Secret passphrase -

this is a password that you keep "secret" in that you never send
it over a computer network or disclose it to the computer that you
are logging in to. You ONLY disclose it to the calculator program
that generates the one-time responses, and you should ONLY run the
calculator program on a host that you are accessing locally (i.e. not
over a network) and that you trust (i.e. your own computer, not some
random workstation in an Internet cafe).

• One-time password, or OTP (the output of the calculator
program) -

Usually six short words like "MELT FAWN MAST OWN MA TROY" or, in
some cases, a hex output like "567F ECE1 F852 964C".

Each time you use a one-time password, the sequence number decreases
by one, so the next time you make the calculation you get a new
set of six words.

Using a one-time password means that if someone is sniffing your
keystrokes on the user hosts, they will capture only the password you
are using this time, and that one is useless to them because it has
already been used.

Keeping S/key secure

S/key is secure only if you are scrupulous about the following:

You should never enter your passphrase into any of the Panix user
hosts, or, for that matter, into any multi-user machine or even
a single-user machine that you cannot completely trust.
If you are not going to have a secure machine available to calculate
your next one-time password (OTP), you can print it (or several of them)
out in advance from a trusted machine. Most S/key calculators will let
you print out a list of passwords (with their corresponding sequence
numbers). You need to keep the list
secure, and you should cross off each OTP as you use it so that you
will notice if someone else has managed to peek at your list.

You must set up s/key on each of the Panix hosts. If we add a new
user host, you need to set up s/key on that host. We urge you to
start the count at 9999, and to use the default seed that the machine
presents. In any case, you absolutely must make sure that the seed
is different on each machine (or your one-time passwords won't be
"one-time").
Remember, you still need your regular password for RADIUS (dialup)
authentication, for POP, to authenticate to the news server, and
to initialize your new s/key. Furthermore, your regular password can
still be used to log into any of the userhosts, even if you've set up
s/key on that host.

You should watch the count. If you are presented with a sequence
number that is decremented by more than one since the last time you
used s/key on that host, then someone else may have your passphrase.

You should re-initialize your s/key login when the count reaches 8000.

If you like, you can use the same secret pass phrase on all the
user hosts, but you must be sure to use a different seed on each
and not to repeat a seed. (Using a different pass phrase for
each host is more secure, but harder to keep track of.)
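The calculation the introduction describes, together with the seed and count rules above, worked through in Python as an added example (this is not Panix's or the skey program's code): the RFC 2289 MD5 hash chain, a minimal verifier that keeps only the last accepted response, and why two hosts must not share a seed. The `SkeyHost` class and the passphrases are illustrative; the seed "pani58574" is the one from the sample session below.

```python
import hashlib


def fold_md5(data: bytes) -> bytes:
    """One S/key hash step (RFC 2289, MD5): digest, then XOR its two 8-byte halves."""
    d = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))


def otp(passphrase: str, seed: str, count: int) -> bytes:
    """Calculator: the 64-bit one-time password for sequence number `count`.

    The seed is case-insensitive (lowercased before use). Each OTP is the
    fold of the previous one, so otp(N) == fold_md5(otp(N - 1)); that is what
    lets a host check a response without ever holding the passphrase.
    """
    key = fold_md5((passphrase + seed.lower()).encode())
    for _ in range(count):
        key = fold_md5(key)
    return key


def to_hex(key: bytes) -> str:
    """Hex form of an OTP, like the page's "567F ECE1 F852 964C"."""
    h = key.hex().upper()
    return " ".join(h[i:i + 4] for i in range(0, 16, 4))


class SkeyHost:
    """Verifier side (hypothetical class): stores seed, count and the last accepted OTP only."""

    def __init__(self, seed: str, count: int, current: bytes):
        self.seed, self.count, self.current = seed, count, current

    def challenge(self) -> str:
        # The prompt a user sees at login, e.g. "otp-md5 9998 pani58574".
        return f"otp-md5 {self.count - 1} {self.seed}"

    def login(self, response: bytes) -> bool:
        # Hashing the response once must reproduce the stored value; on
        # success the response becomes the new stored value and the count
        # drops by one, so replaying the same response fails next time.
        if fold_md5(response) != self.current:
            return False
        self.current, self.count = response, self.count - 1
        return True


def skeyinit(passphrase: str, seed: str, count: int = 9999) -> SkeyHost:
    """Setup (what 'skeyinit -s -t md5' does): the calculator output for `count` is all the host keeps."""
    return SkeyHost(seed, count, otp(passphrase, seed, count))
```

Two hosts set up with the same passphrase and the same seed return identical values from `otp()` at every count, so a password sniffed on one would be accepted by the other at the same sequence number; a different seed per host breaks that.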

Setting up S/key on your Panix shell account

To initialize your Panix account for s/key, you need to do the following:

Decide on a calculator program. Do NOT use the "skey"
command on the Panix userhosts, since you can only access them over a
computer network. If you have a PC or Mac, download S/key, OTP, or
OPIE software from a trusted source.
If you run a Unix workalike at home, you may already have the "skey"
command installed; if not, please inspect your ports or packages tree
and your local documentation.

Decide on a secret passphrase. You are not restricted to the Unix
8 character password, so you can pick a short sentence, a verse
from a poem or song, or whatever you like.

Enable one-time passwords on your Panix account. The command to
use is "skeyinit -s -t md5". Here is a sample session, with the username
"joeuser". The "stage directions" marked with asterisks indicate
actions like typing in your password or running the s/key calculator on
your trusted machine; they are not part of what you type or what the
machine prints.

    % skeyinit -s -t md5
    Password:                             *Enter your normal Unix password here*
    [Adding joeuser]
    You need the 6 english words generated from the "skey" command.
    Enter sequence count from 1 to 10000: 9999
    Enter new seed [default pani58574]:   *Enter a new seed or press RETURN for the default*
    otp-md4 9999 pani58574
          *Run S/key calculator on a secure host with your passphrase to get a response*
    s/key access password: RUDY LONG GREEN BAD COP HEAL

If you use ssh, it is a little harder. Your ssh client has to support
Version 2 and s/key (OpenSSH), or Version 1 and "TIS-Auth" (PuTTY), and
you need to set it up properly. Here's how to do it for OpenSSH:

With PuTTY, before you log in, go to the "Settings" menu, look under "SSH"
and then "Auth", and turn on "Enable TIS Authentication". ("TIS" stands for
Trusted Information Systems, an early computer security research and
development company that used S/Key access in their products.)
You may want to save the settings to avoid having to
change them every time you want to use S/Key.

Disabling S/key

If you no longer want to use S/key, you can turn it off entirely by running
the "skeyinit -z" command on each host that you've set up for S/key. Again,
you'll need your normal Unix password.

Important Reminders

Even after you've set up an s/key password on a host,
your Unix password is still valid and is
needed to manage s/key functions. You are in charge of your own
seeds and password. It is your responsibility to make sure you do
not re-use a password or a seed.

Although s/key lets you log in to your Panix
account from an insecure machine using telnet or FTP without compromising
your password, you are not protected against eavesdropping (where a hostile
party monitors what you are doing) or connection hijacking (where a hostile
party takes over your session and injects their own commands).

For the best possible protection against eavesdropping and connection
hijacking, use SSH with your s/key password instead of telnet, and the
sftp or scp commands instead of FTP.

Given the prevalence of keyboard sniffers in Internet cafes and other
unsecured PCs, you should never use your s/key secret passphrase on
a public terminal that might be compromised. If you are going traveling
and want to access your Panix accounts with s/key, print out the next
20 or so passwords and bring the list with you. Be sure to test out
the first password in the list while you're still at home, in case you made
any mistakes generating the list.